The responsible data processor for the online store lastella.ee is Aares & Helina OÜ (registration code 16406336) that resides in Arhitekti 2-1, Tartu and e-mail is info@lastella.ee.

What personal data is processed?

What personal data is processed?
− name, phone number ja e-mail;
− delivery address;
− bank details;
− The cost of goods and services and payment-related data (purchase history);
− client’s details;
− IP address.

Legal basis

The processing of personal data is carried out for the purpose of fulfilling the contract concluded with the customer. The processing of personal data is carried out for the fulfillment of a legal obligation (e.g., accounting and consumer dispute resolution).

Recipients to whom personal data is disclosed.

The name, phone number, and email address are shared with the transport service provider chosen by the customer. “If it’s a delivery by courier, in addition to the contact information, the customer’s address is also provided.
If the online store’s accounting is carried out by a service provider, then personal data is transmitted to the service provider for accounting purposes.
Personal data may be transferred to information technology service providers if it is necessary to ensure the functionality or data hosting of the online store.

Security and access to data

“Personal data is stored on servers owned by Zone Media OÜ, located in a European Union member state or in countries that are part of the European Economic Area.

Access to personal data is granted to the employees of the online store who need to access personal data in order to address technical questions related to the use of the online store and provide customer support. The online store implements appropriate physical, organizational, and information technology security measures to protect personal data from accidental or unlawful destruction, loss, alteration, or unauthorized access and disclosure. The transfer of personal data to authorized processors of the online store (e.g., transport service provider and data hosting) is based on contracts concluded between the online store and authorized processors. Authorized processors are obligated to ensure appropriate security measures when processing personal data.

Familiarization with and correction of personal data

You can view and make corrections to personal data in the online store user profile. If a purchase has been made without a user account, you can access personal data through customer support.

Withdrawal of consent

If the processing of personal data is based on the customer’s consent, the customer has the right to withdraw their consent by notifying customer support via email.

Retention

When closing the online store customer account, personal data is deleted, except for personal data (purchase history data) that needs to be retained for accounting purposes or resolution of consumer disputes.
In cases of disputes related to payments and consumer disputes, personal data is retained until the claim is satisfied or the expiration of the statute of limitations.
Personal data contained in accounting source documents is retained for seven years.

Restriction

The customer has the right to request the restriction of processing of their personal data if the data is inaccurate or incomplete, or if their personal data is being processed unlawfully.

Objections

The customer has the right to object to the processing of their personal data if they have reason to believe that there is no legal basis for the processing of their personal data.

Deletion

To delete personal data, you need to contact customer support via email. A response to the deletion request will be provided no later than within one month, and the data deletion period will be specified.
The response to the request will also specify the personal data that will not be deleted, along with the legal basis and reasoning for this.

Transfer

A response to the request for the transfer of personal data submitted via email will be provided within one month at the latest. The customer support verifies the identity and informs about the personal data that is subject to transfer.

Dispute resolution

The resolution of disputes related to the processing of personal data takes place through customer support via email at info@lastella.ee.

Direct Marketing Messages

The email address and phone number are used for sending direct marketing messages and product feedback emails when the customer has agreed to the data protection terms. If the customer does not wish to receive direct marketing messages, they should choose the appropriate link in the email footer or contact customer support.

Dispute resolution

The resolution of disputes related to the processing of personal data takes place through customer support at info@lastella.ee. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).